This is an old revision of the document!


Ingress

Purpose

ingress.hackeriet.no is a service host used as a web ingress and reverse proxy for Hackeriet services. Known services routed through ingress include:

Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not an inventory. Use NetBox for canonical VM details, IP assignments, tenant, and current placement.

Access

Normal access:

  • ssh <your-hacker-id-username>@ingress.hackeriet.no

Access is managed through Hacker-ID / Kanidm. The relevant group is documented on Hacker-ID:

  • service-webingress-sysops - SSH + sudo + docker for ingress

Network

Observed DNS on 2026-05-25:

  • ingress.hackeriet.no A: 185.35.202.240
  • ingress.hackeriet.no AAAA: 2a02:ed06::240

Observed host addresses on 2026-05-25:

  • ens18: 185.35.202.240/32, 2a02:ed06::240/64
  • ens19: 10.10.50.50/24

Treat these as emergency orientation only. NetBox should remain the source of truth for address assignments.

Operating system

Observed over SSH on 2026-05-25:

  • OS: Rocky Linux 9.5 (Blue Onyx)
  • Kernel: 5.14.0-503.35.1.el9_5.x86_64

Key services

Observed running services on 2026-05-25:

  • nginx - HTTP reverse proxy
  • firewalld - host firewall
  • kanidm-unixd and kanidm-unixd-tasks - Hacker-ID Unix integration
  • sshd - SSH access
  • chronyd - time sync
  • rsyslog - system logging
  • qemu-guest-agent - guest integration

No failed systemd units were observed at that time.

Credentials

Do not paste secrets into the wiki.

Relevant hackeriet/pass entries:

  • root@ingress.hackeriet.no.gpg

If root or service credentials are needed, look in hackeriet/pass and keep decrypted values out of the wiki.

Checks during incidents

Basic host checks:

hostname -f
id
systemctl --failed --no-pager
df -h -x tmpfs -x devtmpfs
ip -br addr show scope global

Service checks:

systemctl status nginx firewalld kanidm-unixd sshd
journalctl -u nginx --since "1 hour ago"
journalctl -u sshd --since "1 hour ago"

DNS checks from another machine:

dig +short ingress.hackeriet.no A
dig +short ingress.hackeriet.no AAAA
dig +short ip.hackeriet.no A
dig +short nms.hackeriet.no A

If SSH is unavailable, verify current placement in NetBox or another active source of truth. Do not use old host006/VM 510 placement as current recovery guidance.
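
The DNS answers and the `ip -br addr show scope global` output from the checks above can be compared mechanically rather than by eye. The script below is an added example, not part of the original runbook; its function names are hypothetical, and the sample input is constructed from the addresses this page observed on 2026-05-25.

```bash
#!/usr/bin/env bash
# Added example (not from the wiki): is an address that DNS publishes actually
# configured on the host? Function names here are hypothetical.
# Input format is `ip -br addr show scope global`: IFACE STATE ADDR/PREFIX...

# Read `ip -br addr` output on stdin; print each address without its prefix length.
bound_addrs() {
    awk '{ for (i = 3; i <= NF; i++) { sub(/\/[0-9]+$/, "", $i); print tolower($i) } }'
}

# addr_is_bound ADDRESS IP_BR_OUTPUT
# Returns 0 if bound, 1 if not, 2 if ADDRESS is empty (DNS gave no answer).
# Assumption: both tools print the same compressed IPv6 text form.
addr_is_bound() {
    local want
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" | bound_addrs | grep -Fxq -- "$want"
}

# check_records IP_BR_OUTPUT ADDRESS...
# Prints one line per address; the return status is the number of mismatches.
check_records() {
    local ip_out missing a
    ip_out="$1"; missing=0
    shift
    for a in "$@"; do
        if addr_is_bound "$a" "$ip_out"; then
            echo "OK       $a"
        else
            echo "MISMATCH $a is not on any interface"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample built from the addresses this page observed on 2026-05-25.
SAMPLE_IP_OUT='ens18 UP 185.35.202.240/32 2a02:ed06::240/64
ens19 UP 10.10.50.50/24'

check_records "$SAMPLE_IP_OUT" 185.35.202.240 2a02:ed06::240 || true
```

During an incident, pass the live `ip -br addr show scope global` output as the first argument and the `dig +short` answers collected from the other machine as the remaining arguments. A mismatch is a prompt to check NetBox, which stays the source of truth for address assignments.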

/srv/hackeriet-wiki/dokuwiki/data/attic/infra/hosts/ingress.1779745433.txt.gz · Last modified: by atluxity_idp.hackeriet.no